Date: Tue, 26 Jan 2021 21:59:05 -0500 From: petru garstea <peter.garshtja@ambient-md.com> To: Ernie Luzar <luzar722@gmail.com> Cc: freebsd-jail@freebsd.org Subject: Re: Jails - vnet- netgraph Message-ID: <1cdee0f4-a684-0c7d-f4b7-377d5a29d722@ambient-md.com> In-Reply-To: <60105725.3010703@gmail.com> References: <5eebbbcf-9912-d980-21e3-c5628005421b@ambient-md.com> <60105725.3010703@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Ernie,
jib script is working fine, however in my current setup I need to
emulate bridge interface with netgraph subsystem, I tried to manage that
part with jng script with no luck then I decided to create the netgraph
bridge manually using ngctl client and in the end the result was the same.
In the recent FreeBSD magazines it was mentioned that "bridging" was
refactored and I would like to know if that might be impacted the
netgraph bridge.
Please advise
Cheers,
Petru Garstea
On 1/26/21 12:53 PM, Ernie Luzar wrote:
> petru garstea wrote:
>> Greetings FreeBSD community,
>>
>>
>> Â Â Â OS: FreeBSD sun 12.2-RELEASE-p1 FreeBSD 12.2-RELEASE-p1
>> GENERICÂ amd64
>>
>>
>> I am trying to build a netgraph vnet jail with support of official
>> jng script that comes with FreeBSD and developed by Devin Teske.
>>
>> jail.conf file
>>
>> netgraph {
>> Â devfs_ruleset = 13;
>> Â enforce_statfs = 2;
>> Â exec.clean;
>> Â exec.consolelog = /var/log/bastille/netgraph_console.log;
>> Â exec.start = '/bin/sh /etc/rc';
>> Â exec.stop = '/bin/sh /etc/rc.shutdown';
>> Â host.hostname = netgraph;
>> Â mount.devfs;
>> Â mount.fstab = /usr/local/bastille/jails/netgraph/fstab;
>> Â path = /usr/local/bastille/jails/netgraph/root;
>> Â securelevel = 2;
>>
>> Â vnet;
>> Â vnet.interface = e0b_bastille0;
>> # exec.prestart += "jib addm bastille0 re0";
>> # exec.poststop += "jib destroy bastille0";
>> Â exec.prestart += "jng bridge netgraph re0";
>> Â exec.poststop += "jng shutdown netgraph" ;
>> }
>>
>> When I start the jail, netgraph subsystem raise the following exception
>>
>> ngctl: send msg: No such file or directory
>> jail: netgraph: jng bridge netgraph re0: failed
>>
>> I tried also to create the netgraph bridge with not using jng script
>>
>> ngctl mkpeer re0: bridge lower link0
>> ngctl: send msg: No such file or directory
>>
>> From what I found it looks it used to work on FreeBSD 11.x and
>> stopped working in version 12.
>>
>> Any thoughts ?
>>
>> Please advise
>>
>>
>> Cheers,
>>
>> Petru Garstea
>>
>
> Don't see any reply so I will try to help you.
> If I remember correctly the jib and jng was added as documentation
> back around freebsd 10.00. I have tried to get it to work 10+, 11+
> ,12+ with no joy. There is something missing but can not tell what it
> is. The jail environment has gone through many changes over time so no
> wonder jib/jng don't work now.
>
> Netgraph is a complete subsystem for network configuration that has
> it's own syntax and commands. The learning curve is pretty great.
> There is a outstanding bug and Devin Teske & (she) has taken up the
> bug. Hopping 13 holds the bug fix.
>
>
>
>
>
>
>
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1cdee0f4-a684-0c7d-f4b7-377d5a29d722>